☠️
smadi0x86 Playground
  • 💀Welcome to smadi0x86 Playground
    • 🍷Resources
    • 🚬Projects
    • 🎓Certifications
    • 📌Pinned
    • ❓Questions
    • 📞Contact
  • 🏞️Cloud Native
    • Docker
      • Quick Reference
      • Introduction
      • Containers
      • Images
      • Storage & Volumes
      • Security
      • Cheatsheet
    • Git
    • Serverless Framework
    • YAML
  • 🔨Software Engineering
    • System Design
    • Environment Variables
    • JSON Web Tokens
  • 👾Architecture
    • Computer Organization
      • Mathematics
    • C Language
      • Introduction
      • GCC Compilation
      • Libraries & Linking
      • I/O
      • Files
      • Pointers
      • Dynamic Memory Allocation
      • Data Types
      • Strings Manipulation
      • Bit Manipulation
      • Pre-processors
      • Macros
      • Type Qualifiers
    • C/C++ Build Systems
      • Fundamentals for Linking
      • Symbolic Linking
      • Cross-Platform Compilation
      • CMake for Building and Linking
      • Shared Libraries
      • Dynamic Linking and Dependency Management
    • Operating Systems
      • OS & Architecture
      • Processes
      • CPU Scheduling
      • Memory Management
  • 🛩️Cyber Warfare
    • Flight Physics
    • Communication
      • PWM & PPM
      • MAVLink
  • 🏴‍☠️Offensive Security
    • Active Directory
      • Introduction
    • Web Attacks
      • Server Side
        • OS Command Injection
        • Information Disclosure
        • Directory Traversal
        • Business Logic
        • Authentication
        • File Upload
        • SSRF
      • Client Side
        • CSRF
        • XSS
    • Recon
      • Active
        • Host discovery
        • Nmap
        • Mass Scan
      • Passive
        • Metadata
      • Web Applications
        • Discovery
        • Subdomains & Directories
        • SSL Certs
        • CMS
        • WAF Detection
      • Firewall Evasion
  • 😈Advanced Persistent Threat
    • C2
      • Sliver
    • Malware
      • Techniques
        • COFF Loader
      • Sektor7
        • Essentials
        • Common Techniques & APIs
  • 💌Certifications
    • AWS Certified Cloud Practitioner (CLF-C01)
      • Cloud Foundations
      • Domain 1: Cloud Concepts
      • Domain 2: Security and Compliance
      • Domain 3: Technology
      • Domain 4: Billing and Pricing
    • AWS Certified Solutions Architect - Associate (SAA-C03)
      • Foundation
    • Certified Kubernetes Administrator (CKA)
      • Core Concepts
      • Scheduling
      • Logging & Monitoring
      • Application Lifecycle Management
      • Cluster Maintenance
      • Security
      • Storage
      • Networking
      • Design Kubernetes Cluster
      • Kubernetes The Kubeadm Way
      • Troubleshooting
      • JSONPATH
      • Lightning Lab
      • Mock Exams
      • Killer Shell
    • Certified Kubernetes Security (CKS)
      • Foundation
      • Cluster Setup
      • Cluster Hardening
      • Supply Chain Security
      • Runtime Security
      • System Hardening
      • Killer Shell
    • (KGAC-101) Kong Gateway Foundations
      • Introduction to APIs and API Management
      • Introduction to Kong Gateway
      • Getting Started with Kong Enterprise
      • Getting Started with Kong Konnect
      • Introduction to Kong Plugins
  • 📜Blog Posts
    • Modern Solutions For Preventing Ransomware Attacks
Powered by GitBook
On this page
  • System Hardening
  • AppArmor
  • Seccomp
  • Minimize OS Footprint
  1. Certifications
  2. Certified Kubernetes Security (CKS)

System Hardening

System Hardening

AppArmor

AppArmor is a layer of security that sits between applications and our system filesystem, proceeses and networks.

We can do profiles for the applications we wanna apply AppArmor on.

We can create profiles for firefox, kubernetes, kubelet etc...

Types of profiles

Main commands

Setup simple AppArmor profile for curl

We can run aa-genprof curl to generate a profile for curl, then we can check if its added by going to /etc/apparmor.d/ or running aa-status.

We can use aa-logprof which checks the logs and update our profil according to the logs.

Nginx docker container uses AppArmor profile

We can apply an apparmor profile definition using apparmor_parser --add <path-of-profile> and we got it from https://kubernetes.io/docs/tutorials/security/apparmor/.

We have a pre-created profile called docker-nginx so we will apply it, this profile restricts some stuff as shown below and we can confirm its added by running aa-status

Then to test our new profile we can create an nginx container that uses our profile docker run --security-opt apparmor=docker-nginx -d nginx and then docker exec -it <container-id> sh.

The name of the profile isn't the name of the file, but its the name specified inside the file.

Create pod which uses an AppArmor profile

https://kubernetes.io/docs/tutorials/security/apparmor/

Prior to v1.30, this was created using annotations.

Seccomp

Create nginx pod in kubernetes and assign a seccomp profile to it

https://kubernetes.io/docs/tutorials/security/seccomp/

We have a pre-created seccomp configuration, we will add it to /var/lib/kubelet/seccomp/profiles/default.json on the worker node.

Now, we create a pod and add the profile path.

We can exec and it works!

Now, we will remove write syscall from the seccomp default.json profile and see what happens.

Error: failed to start containerd task "seccomp-pod": OCI runtime start failed: cannot start an already running container: unknown

It is not working as the container can't write and create the nginx service!

Minimize OS Footprint

Running netstat -plnt | grep 22 or lsof -i :22 to check for ssh listening connections and open ports.

PreviousRuntime SecurityNextKiller Shell

Last updated 8 months ago

💌
Page cover image